Alcide Helps Protect EKS Deployments

EKS Visualization

The need for a real-time map of the infrastructure, as well as the ability to see changes over time is crucial to track and manage cloud workloads in an Amazon Web Services (AWS) environment. Alcide’s panoramic visibility of the AWS cloud deployment includes accounts, regions, VPCs VM and security groups data. The panoramic real-time view continuously tracks and visualized all of AWS components and network activities.

AWS console provides the ability to see a list view of a single account and region and its related VMs. The Alcide platform adds a visual map with real-time mapping of the entire AWS environment and network activity which helps troubleshoot and mitigate security issues. As workloads spin up or down, Alcide map is immediately updated.

AWS Security Groups

Amazon Web Services (AWS) is a cloud services platform, offering compute power, database storage, content delivery, and other functionality. AWS provides native security controls to help its customers protect cloud deployments. However, many AWS customers are not fully leveraging these controls, lack visibility into the dynamic environment and are exposed to security gaps.

With Alcide, customers can visualize and protect their cloud instances and get in-context meta-data from their cloud platform. AWS Security groups are automatically imported for all workloads, enabling AWS customers to granularly control policy segmentation, see all the data related to the policies, and make sure no risk is imposed as a result of a rule change or East/West threat posed by attackers.

Kubernetes provides the freedom to rapidly ship applications by minimizing deployment and service update cycles from weeks to days, and sometimes even hours. The velocity of application updates and deployment, however, requires a continuous security approach that involves integrating tools as early as possible in the deployment pipeline.

Security Policies

Satisfy all stakeholder requirements and address multi-layered concerns with centrally-orchestrated and automatically enforced security policies. The Alcide Firewall enables you to seamlessly adopt a Bring Your Own Security Policies (BYOSP) model and control your security policies in AWS deployments. Security Groups are monitored to identify and alarm in real-time risks created by exposing instances and monitoring changes across multiple accounts and regions.

Instead of having SecOps, DevOps, (or DevSecOps,) engineers, and security fight for policy dominance, Alcide facilitates a proper separation of DevOps duties through the policy plane bridging the gap between Security and DevOps teams. AWS security groups are automatically imported with their inbound and outbound rules. Policies are visualized on Alcide’s map with a simplified view allowing you to quickly understand what security groups are associated to each of your AWS VMs.

In AWS you can see a list of the network activities on a single VPC which resides in a single account and region. To be able to protect the environment, DevSecOps teams need to have a wider picture of what’s happening in their environment and quickly identify a security threat, including filtering by account and region, contextual metadata, network activity and alerts on non-compliant activity, behavior anomaly, and threat detections.

On-Demand Webinar: EKS Security Best Practices

Amazon Elastic Container Service for Kubernetes, Amazon EKS, provides Kubernetes as a managed service on AWS. Alcide natively integrates with EKS to provide unparalleled visibility and deep network security, monitoring of all running workloads, across multiple accounts and regions.

EKS and App Mesh Launch Partner

Solution Brief

Alcide Helps Protect EKS Deployments

Alcide secures Kubernetes multi-cluster deployments from code-to-production. Companies use Alcide to scale their Kubernetes deployments without compromising on security. This enables the smooth operation of business apps while protecting cloud deployments from malicious attacks.